Menu
Amazon Simple Storage Service
Console User Guide

How Do I Add a Cross-Region Replication Rule to an S3 Bucket?

Cross-region replication is the automatic, asynchronous copying of objects across buckets in different AWS Regions. Cross-region replication replicates newly created objects, object updates, and object deletions from a source bucket to a destination bucket in a different AWS Region.

Cross-region replication requires that the source and destination buckets be in different AWS Regions, and versioning must be enabled on both the source and destination buckets. To review the full list of requirements, see Requirements for Cross-Region Replication in the Amazon Simple Storage Service Developer Guide. For more information about versioning, see How Do I Enable or Suspend Versioning for an S3 Bucket?.

The object replicas in the destination bucket are exact replicas of the objects in the source bucket. They have the same key names and the same metadata—for example, creation time, owner, user-defined metadata, version ID, ACL, and storage class. (Optionally, you can explicitly specify a different storage class for object replicas.) The time it takes for Amazon S3 to replicate an object depends on the object size. It can take up to several hours to replicate a large-sized object.

Note about replication and lifecycle rules

Metadata for an object remains identical between original objects and replica objects. Lifecycle rules abide by the creation time of the original object, and not by when the replicated object becomes available in the destination bucket. However, lifecycle actions on objects that are pending replication do not resolve until the replication has completed.

You use the Amazon S3 console to add replication rules to the source bucket. Replication rules define which source bucket objects to replicate and the destination bucket where the replicated objects are stored. You can create rules to replicate all the objects in a bucket or a subset of objects with specific key name prefixes (that is, objects that have names that begin with a common string). A destination bucket can be in the same AWS account as the source bucket, or it can be in a different account. The destination bucket must always be in a different Region than the source bucket.

If the destination bucket is in a different account from the source bucket, you must add a bucket policy to the destination bucket to grant the owner of the source bucket account permission to replicate objects in the destination bucket. The Amazon S3 console builds this required bucket policy for you to copy and add to the destination bucket in the other account.

When you add a replication rule to a bucket, the rule is enabled by default, so it starts working as soon as you save it. You can specify that the rule be disabled, and then you can enable it later.

To add a cross-region replication rule to an S3 bucket

  1. Sign in to the AWS Management Console and open the Amazon S3 console at https://console.aws.amazon.com/s3/.

  2. In the Bucket name list, choose the name of the bucket that you want.

    
          Bucket name list with bucket name selected
  3. Choose Management, choose Replication, and then choose Add rule.

    
          Management tab with Replication and Add rule selected
  4. To replicate the whole bucket, in the Replication rule dialog box, under Source, choose All contents in bucket-name. To replicate all objects that have the same prefix (for example, all objects that have names that begin with the string pictures), choose Prefix in this bucket. For example, all objects in a folder named pictures. If you enter a prefix that is the name of a folder, you must use / (forward slash) as the last character (for example, pictures/).

    Under Status, Enabled is selected by default. An enabled rule starts to work as soon as you save it. If you want to enable the rule later, select Disabled. Choose Next.

    
          Replication rule dialog box with Prefix in this bucket and Enabled status
            selected
  5. On the Destination page, under Destination bucket, type the name of the destination bucket for the replication, or choose a name in the drop-down list. You can choose a destination bucket that's in the same account as the source bucket, or you can choose a destination bucket from a different AWS account.

    
          Destination bucket section with Buckets in this account selected
    • To choose a destination bucket from the account that you're currently using, Choose Buckets in this account. If you don't see the bucket that you want in the list, confirm that the bucket exists and that it's in a different Region than the source bucket. If versioning is not enabled on the destination bucket, you get a warning message that contains an Enable versioning button. Choose this button to enable versioning on the bucket.

      
              Error message stating that the destination bucket doesn't have versioning
                enabled
    • To choose a destination bucket from an AWS account that is different from the source bucket account, choose Buckets in another account.

      1. Under Bucket name, type the name of the destination bucket that is in another account, and then choose Save.

        
                  Destination bucket name with buckets in another account selected
      2. After you save the destination bucket name, you might get a warning message indicating that you must add a bucket policy to the destination bucket so that Amazon S3 can verify whether versioning is enabled on the bucket.

        
                  Warning message stating that S3 can't detect whether versioning is enabled
                    on the destination bucket

        You can't save the replication rule until you add the required bucket policy to the destination bucket. Before you proceed with the Replication wizard, we recommend that you choose Next, copy the bucket policy from the Permissions page, and then add the policy to the destination bucket in the other account. For information about adding a bucket policy to an S3 bucket, see How Do I Add an S3 Bucket Policy?.

        
                  Example bucket policy for the destination bucket
  6. On the Destination page, under Options, select Change the storage class for the replicated object(s). Then choose the storage class that you want to use for the replicated objects in the destination bucket. If you don't select this option, the storage class for replicated objects is the same class as the original objects. Choose Next.

    
          Destination options with Change the storage class for replicated objects
            selected
  7. Set up an AWS Identity and Access Management (IAM) role that Amazon S3 can assume to perform cross-region replication of objects on your behalf.

    To set up an IAM role, on the Permissions page, under Select role, do one of the following:

    • If you want Amazon S3 to create a new IAM role for you, choose Create new role. When you save the rule, a new policy is generated for the IAM role that matches the source and destination buckets that you choose. The name of the generated role is based on the bucket names and uses the following naming convention: replication_role_for_source-bucket_to_destination-bucket.

    • If you want to use an existing IAM role, choose one that allows Amazon S3 to replicate objects from the source bucket to the destination bucket on your behalf.

    
          Select an IAM role for your replication

    If you chose a destination bucket from another account on the previous Destination page, a bucket policy appears on the Permissions page. You can copy this policy and add it to the destination bucket, as shown in Step 5.

    Choose Next.

  8. On the Review page, review your replication rule. If it looks correct, choose Save. Otherwise, choose Previous to edit the rule before saving it.

    If you get an error when you try to save the rule, check to see whether versioning is enabled on the destination bucket. If the destination bucket is in a different AWS account, make sure that the bucket has the required bucket policy as described in Step 5.

    
          Error message stating that the destination bucket must have versioning
            enabled
  9. After you save your rule, you can edit, enable, disable, or delete your rule on the Replication page.

    
          Replication page displaying rule details and options

More Info

On this page: